Vulnerability Details CVE-2020-8191
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.895
EPSS Ranking 99.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2020-8191
-
cpe:2.3:h:citrix:4000-wo:-
-
cpe:2.3:h:citrix:4100-wo:-
-
cpe:2.3:h:citrix:5000-wo:-
-
cpe:2.3:h:citrix:5100-wo:-
-
cpe:2.3:h:citrix:application_delivery_controller:-
-
cpe:2.3:h:citrix:gateway:-
-
cpe:2.3:h:citrix:netscaler_gateway:-
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:10.5
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:11.1
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.0
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1-55.238
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:12.1-55.291
-
cpe:2.3:o:citrix:application_delivery_controller_firmware:13.0
-
cpe:2.3:o:citrix:gateway_firmware:13.0
-
cpe:2.3:o:citrix:netscaler_gateway_firmware:10.5
-
cpe:2.3:o:citrix:netscaler_gateway_firmware:11.1
-
cpe:2.3:o:citrix:netscaler_gateway_firmware:12.0
-
cpe:2.3:o:citrix:netscaler_gateway_firmware:12.1
-
cpe:2.3:o:citrix:sd-wan_wanop:10.2
-
cpe:2.3:o:citrix:sd-wan_wanop:11.0
-
cpe:2.3:o:citrix:sd-wan_wanop:11.1